Add check_ssl_validity to build system, minor qol changes

.gitignore

@@ -253,6 +253,7 @@ NP-VERSION-FILE
 /plugins-scripts/check_oracle
 /plugins-scripts/check_rpc
 /plugins-scripts/check_sensors
+/plugins-scripts/check_ssl_validity
 /plugins-scripts/check_wave
 /plugins-scripts/check_file_age
 

configure.ac

@@ -1502,6 +1502,14 @@ else
 	AC_MSG_WARN([Tried $PERL - install Net::SNMP perl module if you want to use the perl snmp plugins])
 fi
 
+if ( $PERL -M"Crypt::X509" -M"Date::Parse" -M"LWP::Simple" -e 'exit' 2>/dev/null )
+then
+  AC_MSG_CHECKING(for Crypt::X509, Date::Parse, LWP::Simple perl modules)
+  AC_MSG_RESULT([found])
+else
+  AC_MSG_WARN([Tried $PERL - install the Crypt::X509, Date::Parse, LWP::Simple perl modules if you want to use check_ssl_validity])
+fi
+
 AC_PATH_PROG(PATH_TO_QUAKESTAT,quakestat)
 AC_PATH_PROG(PATH_TO_QSTAT,qstat)
 AC_ARG_WITH(qstat_command,

plugins-scripts/Makefile.am

@@ -16,11 +16,13 @@ VPATH=$(top_srcdir) $(top_srcdir)/plugins-scripts $(top_srcdir)/plugins-scripts/
 libexec_SCRIPTS = check_breeze check_disk_smb check_flexlm check_ircd \
 	check_log check_oracle check_rpc check_sensors check_wave \
 	check_ifstatus check_ifoperstatus check_mailq check_file_age \
+	check_ssl_validity \
 	utils.sh utils.pm
 
 EXTRA_DIST=check_breeze.pl check_disk_smb.pl check_flexlm.pl check_ircd.pl \
 	check_log.sh check_ntp.pl check_oracle.sh check_rpc.pl check_sensors.sh \
 	check_ifstatus.pl check_ifoperstatus.pl check_wave.pl check_mailq.pl check_file_age.pl \
+	check_ssl_validity.pl \
 	utils.sh.in utils.pm.in t
 
 EDIT = sed \

plugins-scripts/check_ssl_validity.pl

@@ -23,13 +23,25 @@ use POSIX qw(strftime);
 use Digest::MD5 qw(md5_hex);
 use LWP::Simple;
 
-getopts('p:t:H:dw:c:I:C:d');
+use Getopt::Long;
+Getopt::Long::Configure('bundling');
+GetOptions(
+    "h"   => \$opt_h,   "help"                  => \$opt_h,
+    "d"   => \$opt_d,   "debug"                 => \$opt_d,
+    "C=s" => \$opt_C,   "crl-cache-frequency=s" => \$opt_C,
+    "I=s" => \$opt_I,   "ip=s"                  => \$opt_I,
+    "p=i" => \$opt_p,   "port=i"                => \$opt_p,
+    "H=s" => \$opt_H,   "cert-hostname=s"       => \$opt_H,
+    "w=i" => \$opt_w,   "warning=i"             => \$opt_w,
+    "c=i" => \$opt_c,   "critical=i"            => \$opt_c,
+    "t"   => \$opt_t,   "timeout"               => \$opt_t
+);
 
 sub usage {
-        print "check_ssl_validity -H <cert hostname> [-I <IP/host>] [-p <port>]\n[-t <timeout>] [-w <expire warning (days)>] [-c <expire critical (dats)>]\n[-C (CRL update frequency in seconds)] [-d (debug)]\n";
-        print "\nWill look for hostname provided with -H in the certificate, but will contact\n";
-        print "server with host/IP provided by -I (optional)\n";
-        exit(1);
+    print "check_ssl_validity -H <cert hostname> [-I <IP/host>] [-p <port>]\n[-t <timeout>] [-w <expire warning (days)>] [-c <expire critical (dats)>]\n[-C (CRL update frequency in seconds)] [-d (debug)]\n";
+    print "\nWill look for hostname provided with -H in the certificate, but will contact\n";
+    print "server with host/IP provided by -I (optional)\n";
+    exit(1);
 }
 
 sub updatecrl {
@@ -108,10 +120,22 @@ if ($opt_c && $opt_c =~ /^\d+$/) {
 }
 
 sub doexit {
-        my $ret = shift;
-        my $txt = shift;
-        print "$txt\n";
-        exit($ret);
+    my $ret = shift;
+    my $txt = shift;
+    if ($ret == 0) {
+        print "OK: ";
+    }
+    elsif ($ret == 1) {
+        print "WARNING: ";
+    }
+    elsif ($ret == 2) {
+        print "CRITICAL: ";
+    }
+    else {
+        print "UNKNOWN: ";
+    }
+    print "$txt\n";
+    exit($ret);
 }
 
 $alldata = "";
@@ -164,14 +188,14 @@ $oktxt = "";
 $cn = $decoded->subject_cn;
 if ($opt_d) { print "Found CN: $cn\n"; }
 if ($vhost eq $decoded->subject_cn) {
-	$oktxt .= "Host $vhost matches CN $vhost on $hosttxt ";
-} elsif ($decoded->subject_cn =~ /^*\.(.*)$/) {
-	$wcdomain = $1;
-	$domain = $vhost;
-	$domain =~ s@^[\w\-]+\.@@;
-	if ($domain eq $wcdomain) {
-		$oktxt .= "Host $vhost matches wildcard CN " . $decoded->subject_cn . " on $hosttxt ";
-	}
+    $oktxt .= "Host $vhost matches CN $vhost on $hosttxt ";
+} elsif ($decoded->subject_cn =~ /^.*\.(.*)$/) {
+    $wcdomain = $1;
+    $domain = $vhost;
+    $domain =~ s@^[\w\-]+\.@@;
+    if ($domain eq $wcdomain) {
+        $oktxt .= "Host $vhost matches wildcard CN " . $decoded->subject_cn . " on $hosttxt ";
+    }
 }
 
 if ($oktxt eq "") {
@@ -205,7 +229,9 @@ $certtime = $decoded->not_after;
 $certdays = ($certtime-$uxtimegmt)/86400;
 $certdaysfmt = sprintf("%.1f", $certdays);
 
-if ($certdays < $crit) {
+if ($certdays < 0) {
+    doexit(2, "${oktxt}but it is expired ($certdaysfmt days)");
+} elsif ($certdays < $crit) {
     doexit(2, "${oktxt}but it is expiring in only $certdaysfmt days, critical limit is $crit.");
 } elsif ($certdays < $warn) {
     doexit(1, "${oktxt}but it is expiring in only $certdaysfmt days, warning limit is $warn.");